瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 我这个毒还真厉害,我的防火墙成未知程序了

1   1  /  1  页   跳转

我这个毒还真厉害,我的防火墙成未知程序了

收藏
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 12:41 | 只看楼主 短消息 资料
字号: 1楼

我这个毒还真厉害,我的防火墙成未知程序了

我中了个病毒,用瑞星杀不了吗,杀了还有杀了还有搞毛,瑞星扫描的病毒在图1里面,大虾帮我看下啊!
中了病毒我d盘就打不开了非要用右键点打开才行不能直接双击了,咋弄!这是图2!
我就看到d盘多了2个文件一个就是那autorun安装信息,还有那pagefile说是指向什么程序的,估计就这2毛病,我删了n次了可以删但是再打开d盘他又有了,这是图3!
我防火墙打不开了,重装下能用一次,然后又不能用了,我电脑认不识防火墙了,居然全是未知程序,这是图4!
就这么多了麻烦大虾教我下啊,1是要把这毒杀了 还有告诉我怎么把我d盘回复下,最好能告诉我怎么不再中这玩意!做这病毒的死全家!生小孩没有小jj

附件附件:

下载次数:278
文件类型:image/pjpeg
文件大小:
上传时间:2006-6-2 12:41:45
描述:
预览信息:EXIF信息



最后编辑2006-06-02 13:32:29
分享到:
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 12:42 | 只看楼主 短消息 资料
字号: 2楼

2图

附件附件:

下载次数:263
文件类型:image/pjpeg
文件大小:
上传时间:2006-6-2 12:42:42
描述:
预览信息:EXIF信息
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 12:44 | 只看楼主 短消息 资料
字号: 3楼

3图

附件附件:

下载次数:214
文件类型:image/pjpeg
文件大小:
上传时间:2006-6-2 12:44:18
描述:
预览信息:EXIF信息
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 12:45 | 只看楼主 短消息 资料
字号: 4楼

4图

附件附件:

下载次数:241
文件类型:image/pjpeg
文件大小:
上传时间:2006-6-2 12:45:00
描述:
预览信息:EXIF信息
gototop
 
让我注册吧
头像
健康舞勺狮
  • 帖子:245
  • 注册: 2005-02-26
  • 来自:
发表于: 2006-06-02 13:06 | 短消息 资料
字号: 5楼

不好意思!我也不会!上次也是中了这东东!最后格盘重装!惨!
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 13:17 | 只看楼主 短消息 资料
字号: 6楼

我以前也中了次和这次的状态一样但是我忘记我以前怎么搞的了,真是悲剧!
貌似是重装的,我希望我上次是重装的,要是以前搞定了一次这次又被他玩,就太丢脸了!
再重申一次,作这病毒的死全家,生儿子没有小jj!
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 13:29 | 只看楼主 短消息 资料
字号: 7楼

未知家族病毒分析
扫描结果:
C:\WINDOWS\SMSS.EXE --> 与 Trojan.PSW.LMir 90%相似.


系统活动进程
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\SYSTEM32\MSVBVM50.DLL
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SCRCHPG.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SCRCH_AG.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\FSSYNC.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_RMT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\CCCLIENT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KLIPC.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KLUTIL.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\RPT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\CCIFACE.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRLOADER.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRKERNEL.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRSTRING.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_SRV.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_CLNT.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\TEMPFILE.PPL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RACER-NJGD\RACERKP.EXE
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
C:\WINDOWS\SYSTEM32\TPHANDLE.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_001.DLL
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
D:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL
D:\PROGRAM FILES\TENCENT\QQ\QDSHM.DLL
D:\PROGRAM FILES\TENCENT\QQ\MFC42.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\PROGRAM FILES\COMMON FILES\ADOBE\SHELL\PSICON.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL

D:\PROGRAM FILES\JJ4\JJSVR4.EXE
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL

C:\PROGRAM FILES\RACER-NJGD\RACER.EXE
C:\PROGRAM FILES\RACER-NJGD\RWXRE.DLL
C:\PROGRAM FILES\RACER-NJGD\NSPR4.DLL
C:\PROGRAM FILES\RACER-NJGD\XPCOM.DLL
C:\PROGRAM FILES\RACER-NJGD\NSS3.DLL
C:\PROGRAM FILES\RACER-NJGD\SOFTOKN3.DLL
C:\PROGRAM FILES\RACER-NJGD\GKGFX.DLL
C:\PROGRAM FILES\RACER-NJGD\XPCOM_COMPAT.DLL
C:\PROGRAM FILES\RACER-NJGD\JS3250.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\NECKO.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\UCONV.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\RACER_BASE_COMP.DLL
C:\PROGRAM FILES\RACER-NJGD\RACER_BASE.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\PIPNSS.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\GKLAYOUT.DLL
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\JAR50.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\GKGFXWIN.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\JSDOM.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\XPCOM_COMPAT_C.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\TEXTEDITOR.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\RACER_AD_COMP.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\RACER_NSS4_COMP.DLL
C:\PROGRAM FILES\RACER-NJGD\NSS4.DLL
C:\PROGRAM FILES\RACER-NJGD\WPCAP.DLL
C:\PROGRAM FILES\RACER-NJGD\PTHREADVC.DLL
C:\PROGRAM FILES\RACER-NJGD\PACKET.DLL
C:\PROGRAM FILES\RACER-NJGD\COMPONENTS\RACER_ACCESS_DHCPPLUS.DLL
C:\PROGRAM FILES\RACER-NJGD\DHCPPLUS.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
C:\WINDOWS\SYSTEM32\TPHANDLE.DLL
C:\PROGRAM FILES\COMMON FILES\COLLEGESOFT\SHARE COMPONENTS\TPHANDLE.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_001.DLL
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SCRCHPG.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SCRCH_AG.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\FSSYNC.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_RMT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\CCCLIENT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KLIPC.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KLUTIL.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\RPT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\CCIFACE.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRLOADER.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRKERNEL.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRSTRING.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_SRV.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_CLNT.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\TEMPFILE.PPL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX
C:\WINDOWS\SYSTEM32\MSCOREE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORIE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORLD.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\OL2005.DLL
C:\WINDOWS\SYSTEM32\PYJJ4.IME

D:\PROGRAM FILES\RISING\RAV\RAV.EXE
D:\PROGRAM FILES\RISING\RAV\PLUGIN\RSPGSCAN.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL
D:\PROGRAM FILES\RISING\RAV\RAVUI.DLL
D:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL
D:\PROGRAM FILES\RISING\RAV\SCANNER.DLL
D:\PROGRAM FILES\RISING\RAV\BWLIST.DLL
D:\PROGRAM FILES\RISING\RAV\RAVUIMSG.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SCRCHPG.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SCRCH_AG.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\FSSYNC.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_RMT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\CCCLIENT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KLIPC.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KLUTIL.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\RPT.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\CCIFACE.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRLOADER.DLL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRKERNEL.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PRSTRING.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_SRV.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\PR_CLNT.PPL
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\TEMPFILE.PPL

C:\WINDOWS\SYSTEM32\CONIME.EXE
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL

E:\下载程序\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\32IEXPLORE.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = ; C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = ; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = ; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
SoundMan = ; SOUNDMAN.EXE
Super Rabbit SRRestore = ; D:\PROGRAM FILES\SUPER RABBIT\MAGICSET\SRREST.EXE /AUTOSAVE
helper.dll = ; C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\PROGRA~1\3721\HELPER.DLL,RUNDLL32
RavTask = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
StormCodec_Helper = ; "D:\PROGRAM FILES\RINGZ STUDIO\STORM CODEC\STORMSET.EXE" /S /OPTI
SunJavaUpdateSched = ; C:\PROGRAM FILES\JAVA\J2RE1.4.2_03\BIN\JUSCHED.EXE
KernelFaultCheck = C:\WINDOWS\SYSTEM32\DUMPREP 0 -K
IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /PRELOAD
TProgram = ; C:\WINDOWS\SMSS.EXE
NvMediaCenter = ; RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL,NVTASKBARINIT
RavScanBD = "D:\PROGRAM FILES\RISING\RAV\SCANBD.EXE" /INST
KAVPersonal50 = "D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE" /MINIMIZE
NvCplDaemon = ; RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
RfwMain = "D:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
MSMSGS = ; "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
pyjj = D:\PROGRAM FILES\JJ4\JJSVR4.EXE
pbmini = ; C:\PROGRAM FILES\PCAST\PODCASTBARMINI\PODCASTBARMINISTATER.EXE
eMuleAutoStart = ; E:\PROGRAM FILES\EMULE\EMULE.EXE -AUTOSTART


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =

gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 13:30 | 只看楼主 短消息 资料
字号: 8楼

系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
D:\Autorun.inf
AUTORUN = D:\pagefile.pif

WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe 1
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
System Safety Monitor = SSMWINLOGONEX.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = USERINIT.EXE,
shell = EXPLORER.EXE 1


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{1B0E7716-898E-48cc-9690-4E338E8DE1D3} = NULL
{30EBA2E2-58B2-4980-9C41-F12F5F1422C5} = C:\WINDOWS\System32\tpHandle.dll
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} = C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll
{889D2FEB-5411-4565-8998-1DD2C5261283} = d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{720A113A-3AA1-456C-9791-072E7D1F8412}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{720A113A-3AA1-456C-9791-072E7D1F8412}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C827C55D-AADE-4935-AFA6-D1CAED8C9BAA}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C827C55D-AADE-4935-AFA6-D1CAED8C9BAA}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{14D4CEF3-90DC-40E6-BB5B-CA23E5766A76}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{14D4CEF3-90DC-40E6-BB5B-CA23E5766A76}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
aspnet_state = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET_STATE.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
cisvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
kavsvc = "D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE"
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
MDM = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
ose = C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = D:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = D:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{40F68DDB-A706-40F1-90BD-34D1606B0C87}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 13:30 | 只看楼主 短消息 资料
字号: 9楼

系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
basic2 = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ExpScaner = D:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fallback = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
Fsks = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HookCont = D:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = D:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = D:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HookUrl = D:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
hsf_msft = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
K56 = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
Kl1 = C:\WINDOWS\SYSTEM32\DRIVERS\KL1.SYS
Klif = C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Klmc = C:\WINDOWS\SYSTEM32\DRIVERS\KLMC.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
MEMSCAN = D:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mProcRs = D:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
ms_mpu401 = C:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
NPF = C:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS
npkcrypt = D:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
nv4 = C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
Rksample = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.SYS
RsFwDrv = D:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
safemon = C:\WINDOWS\SYSTEM32\DRIVERS\SAFEMON.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
sisagp = C:\WINDOWS\SYSTEM32\DRIVERS\SISAGP.SYS
SoftFax = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Tones = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
V124 = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.SYS
vcddev = C:\WINDOWS\SYSTEM32\DRIVERS\VCDVNIC.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
gototop
 
hmilywow
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-06-02
  • 来自:
发表于: 2006-06-02 13:32 | 只看楼主 短消息 资料
字号: 10楼

这是瑞星客服给我的什么听诊器作出来的东西应该可以用吧,我玩魔兽的,这玩意不会盗我的号吧nnd我快4天不敢玩魔兽了!qq也不敢开,我在家干什么啊!无聊啊!
再重申一次,作这病毒的死全家,生儿子没有小jj!
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT